From 63221ffe9d22021e2cb14b3cdfeca7b995303acc Mon Sep 17 00:00:00 2001 From: masnwilliams <43387599+masnwilliams@users.noreply.github.com> Date: Wed, 8 Jul 2026 17:49:45 +0000 Subject: [PATCH 1/2] Document that 1Password integration does not support SSO flows Add a callout clarifying that Managed Auth fills direct logins (username/password + TOTP) from 1Password, and that SSO/identity-provider flows are unsupported because the 1Password API only exposes stored credential values. Co-Authored-By: Claude Opus 4.7 --- integrations/1password.mdx | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/integrations/1password.mdx b/integrations/1password.mdx index e93775b..6025b4d 100644 --- a/integrations/1password.mdx +++ b/integrations/1password.mdx @@ -139,6 +139,14 @@ If multiple items match a domain, the first match is used. Organize your vaults If your 1Password item has a one-time password (TOTP) field configured, it will be used automatically for 2FA—no additional setup needed. +## Supported Login Types + +Managed Auth fills **direct logins** from 1Password: username/password credentials plus any TOTP field for 2FA. + + +SSO and other identity-provider flows (e.g. "Sign in with Google" or "Sign in with Microsoft") are not supported. The 1Password API only exposes stored credential values, not identity sessions, so Managed Auth can only complete direct logins. + + ## Credential Options The `credential` object supports multiple sources: From 222a52c85c3a6d8670336e343c899322230cc6a3 Mon Sep 17 00:00:00 2001 From: masnwilliams <43387599+masnwilliams@users.noreply.github.com> Date: Wed, 8 Jul 2026 17:52:28 +0000 Subject: [PATCH 2/2] Clarify 1Password limitation is linked-item references, not SSO broadly Direct logins to identity providers (e.g. signing into Google/Gmail with a stored username/password/TOTP) work. The unsupported case is 1Password's "sign in with" linked-item reference, which is not exposed via the API. Co-Authored-By: Claude Opus 4.7 --- integrations/1password.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integrations/1password.mdx b/integrations/1password.mdx index 6025b4d..af9ea3f 100644 --- a/integrations/1password.mdx +++ b/integrations/1password.mdx @@ -141,10 +141,10 @@ If your 1Password item has a one-time password (TOTP) field configured, it will ## Supported Login Types -Managed Auth fills **direct logins** from 1Password: username/password credentials plus any TOTP field for 2FA. +Managed Auth fills **direct logins** from 1Password items: username/password credentials plus any TOTP field for 2FA. This includes signing directly into an identity provider itself—for example logging into a Google or Gmail account with its stored username, password, and TOTP. -SSO and other identity-provider flows (e.g. "Sign in with Google" or "Sign in with Microsoft") are not supported. The 1Password API only exposes stored credential values, not identity sessions, so Managed Auth can only complete direct logins. +1Password's linked-item "sign in with" references are not supported. When an item delegates authentication to a separate item—for example a PostHog item set to **sign in with Google**—that link is not exposed through the 1Password API, so Managed Auth can't follow it to the underlying credential. Store a direct login (username/password, plus a TOTP field if needed) for the target site instead. ## Credential Options